350-401 · Question #532
Correct answer: A (intrusion prevention).
Question
Which threat defence mechanism, when deployed at the network perimeter, protects against zero-day attacks?
Options
- A. intrusion prevention
- B. stateful inspection
- C. sandbox
- D. SSL decryption
Explanation
Intrusion prevention (A) is the answer the exam is looking for. A perimeter IPS sits inline and, besides matching known signatures, runs protocol-anomaly and behavioral/heuristic checks, so it can drop traffic that violates the expected protocol profile even when no signature exists for the attack. That property is what gives it zero-day coverage. Keep the claim in proportion, though: production IPS engines remain mostly signature-driven (rule sets such as Snort's), and a zero-day that blends in with normal protocol behaviour will still get through; the anomaly layer is what the exam is crediting, not a guarantee.

Stateful inspection (B) only tracks connection state: who opened the session and whether a packet belongs to an established flow. It never examines payload content, so a malicious request arriving on a permitted, established connection passes untouched.

Sandbox (C) is also a genuine zero-day control: it detonates unknown files in an isolated environment and observes their behaviour. The question, however, asks for the mechanism deployed at the perimeter, and sandboxing is an analysis service (on-premises appliance or cloud) that a perimeter device submits files to, rather than the inline perimeter control itself. That distinction is thin in practice, since perimeter firewalls routinely forward files to a sandbox, so treat this option as the intended distractor rather than as wrong in principle.

SSL decryption (D) is an enabling step: it terminates TLS so that other engines can inspect the cleartext. By itself it detects and blocks nothing.
💡 Memory Tip: Think of IPS as a smart security guard at the front gate - it doesn't just check IDs (known signatures), it watches behavior and can stop suspicious individuals (zero-days) before they enter. If the question specifies "perimeter," point to IPS as the active, inline defense mechanism.
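The following toy model makes the distinction between the three inspection layers concrete. It is an added illustration written for this page, not code from the exam, from Cisco, or from any IPS product: a stateful filter that only tracks flows, a signature matcher with a tiny hypothetical rule list, and a heuristic HTTP-anomaly check that has no knowledge of the attack it ends up flagging. The traffic, the port policy, the signatures and the anomaly thresholds are all constructed for the example.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int
    flags: str          # "SYN" opens a flow, "PSH" carries data
    payload: bytes = b""


ALLOWED_PORTS = {80}    # hypothetical perimeter policy: only HTTP inbound


class StatefulInspector:
    """Stateful inspection: permits data only on flows that were opened
    towards an allowed service. It never looks at the payload."""

    def __init__(self):
        self.established = set()

    def allows(self, pkt: Packet) -> bool:
        flow = (pkt.src, pkt.dst_port)
        if pkt.flags == "SYN":
            if pkt.dst_port in ALLOWED_PORTS:
                self.established.add(flow)
                return True
            return False
        return flow in self.established


# Hypothetical signature list: only attacks that are already known.
KNOWN_SIGNATURES = [b"/etc/passwd", b"cmd.exe", b"<script>"]


def signature_match(payload: bytes):
    """Return the first known-bad pattern found in the payload, else None."""
    return next((s for s in KNOWN_SIGNATURES if s in payload), None)


# A well-formed HTTP/1.x request line: method, printable target, version.
REQUEST_LINE = re.compile(rb"^(GET|POST|HEAD) /[\x21-\x7e]* HTTP/1\.[01]\r\n")


def heuristic_findings(payload: bytes) -> list:
    """Protocol-anomaly / heuristic checks for traffic on an HTTP port.
    Flags payloads that do not look like HTTP regardless of whether any
    signature exists for them. Thresholds are illustrative assumptions."""
    findings = []
    if not REQUEST_LINE.match(payload):
        findings.append("malformed request line")
    nonprint = sum(
        1 for b in payload
        if (b < 0x20 and b not in (0x0D, 0x0A)) or b > 0x7E
    )
    if payload and nonprint / len(payload) > 0.10:
        findings.append("high ratio of non-printable bytes")
    if len(payload.split(b"\r\n", 1)[0]) > 512:
        findings.append("oversized request line")
    if re.search(rb"(.)\1{31,}", payload):
        findings.append("long byte repetition (sled-like)")
    return findings


def perimeter_verdict(packets) -> list:
    """Run each packet through the three controls and record what each
    layer saw. A packet is blocked if any layer rejects it."""
    fw = StatefulInspector()
    verdicts = []
    for pkt in packets:
        v = {"stateful": fw.allows(pkt), "signature": None, "heuristic": []}
        if v["stateful"] and pkt.payload:
            v["signature"] = signature_match(pkt.payload)
            v["heuristic"] = heuristic_findings(pkt.payload)
        v["blocked"] = (not v["stateful"]) or bool(v["signature"]) or bool(v["heuristic"])
        verdicts.append(v)
    return verdicts


# Constructed sample traffic (not captured from any real system).
SAMPLE = [
    Packet("203.0.113.5", 80, "SYN"),
    Packet("203.0.113.5", 80, "PSH",
           b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    # Known attack: caught by the signature layer.
    Packet("203.0.113.5", 80, "PSH",
           b"GET /../../etc/passwd HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    # "Zero-day": no signature matches, but the request is not HTTP-shaped.
    Packet("203.0.113.5", 80, "PSH",
           b"GET /" + b"\x90" * 64 + b"\xcc\xeb\xfe" + b" HTTP/1.1\r\n\r\n"),
    # Connection attempt to a service the policy does not expose.
    Packet("198.51.100.9", 23, "SYN"),
]

if __name__ == "__main__":
    for pkt, v in zip(SAMPLE, perimeter_verdict(SAMPLE)):
        print(pkt.src, pkt.dst_port, pkt.flags, v)
```

Packet four is the point of the exercise: the stateful layer passes it (established flow to an allowed port), the signature layer has nothing for it, and only the heuristic layer, which an inline IPS adds on top of the firewall, stops it. Swap the anomaly payload for a request that is syntactically valid HTTP and the heuristics go quiet as well, which is the limit the explanation above warns about.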